TDSS/Rootkit Infection?


  • This topic is locked
2 replies to this topic

#1 muffintoast

Posted 19 April 2009 - 01:20 PM

Hi there. I've been referred to this forum from "Am I infected?". I know there's been an incredibly high demand for assistance lately, so I will be patient and grateful for any help you may offer. A quick rundown of my problem: Around 4/3, Google links started redirecting to unrelated sites. Nothing was picked up by the usual scans (McAfee, MBAM, SAS, Windows Defender, even Windows one live online scanner). I took this as a sign of infection, as it was very similar to the beginning of a Vundo infection I had late last year, so I immediately limited my net connection to only when absolutely necessary.

Shortly after, Windows Update and Windows Security Center would disable themselves. McAfee stopped working, and would not update. MBAM and SAS would not update. It then got to the point where, when I would open these programs up, all I would get was a blank window; I was therefore unable to troubleshoot, or even enable/disable them. Around the same time, I would be unable to connect to security program websites. Incredibly frustrating.

I did some peeking around, and did find several instances of TDSS.sys in my registry, though I was unable to delete them. I updated my Java version at someone's suggestion. Somehow later, my McAfee started opening up again. I was then able to update and scan - it showed nothing. I'm confused at this point and ready to throw my comp out the window. I don't know if there's any infection left, or how to clean up its remnants. Can anyone help? Thanks in advance!

Here's the link to my previous post with steps I've already followed, including GMER, Kaspersky and Process Explorer scans: http://www.bleepingcomputer.com/forums/t/219754/tdss-infection/


DDS (Ver_09-03-16.01) - NTFSx86
Run by Jane Doe at 8:28:50.14 on Sun 04/19/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1022.432 [GMT -5:00]

AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Documents and Settings\Jane Doe\Desktop\dds.scr
C:\WINDOWS\system32\wscntfy.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 3.1\aoltb.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IntelMeM] c:\program files\intel\modem event monitor\IntelMEM.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [IPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe
mRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe /server /startmonitor /deaf
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [USBToolTip] c:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
StartupFolder: c:\docume~1\janedo~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~2.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 3.1\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 3.1\aoltb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: pqrlhf.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli scecli

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\janedo~1\applic~1\mozilla\firefox\profiles\mr7rhbqc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFFab&query=
FF - plugin: c:\documents and settings\Jane Doe\application data\mozilla\firefox\profiles\mr7rhbqc.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-18 201320]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-18 359248]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-18 144704]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 iComp;Hauppauge WinTV PVR2 USB2 Encoder;c:\windows\system32\drivers\HCWUSB2.sys [2006-12-28 1458688]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-18 695624]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-18 79304]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-18 35240]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-18 40488]
S3 ATIDACXX;ATI DTV Wonder Analog Audio Capture Device;c:\windows\system32\drivers\atidacxx.sys [2006-11-28 12800]
S3 ATIDDCXX;ATI DTV Wonder Digital BDA Capture Device;c:\windows\system32\drivers\atiddcxx.sys [2006-11-28 10112]
S3 ATIDTUXX;ATI DTV Wonder Digital And Analog Tuner Device;c:\windows\system32\drivers\atidtuxx.sys [2006-11-28 44544]
S3 ATIDVCXX;ATI DTV Wonder Analog AV Capture Device;c:\windows\system32\drivers\atidvcxx.sys [2006-11-28 201472]
S3 ATIDXBXX;ATI DTV Wonder Analog AV Crossbar Device;c:\windows\system32\drivers\atidxbxx.sys [2006-11-28 9728]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-18 33832]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]

=============== Created Last 30 ================

2009-04-18 21:21 8,192 a------- c:\windows\system32\SET19F0.tmp
2009-04-18 21:21 20,480 a------- c:\windows\system32\SET19D1.tmp
2009-04-18 21:21 177,152 a------- c:\windows\system32\SET19A6.tmp
2009-04-18 21:21 159,232 a------- c:\windows\system32\SET198A.tmp
2009-04-18 21:21 354,304 a------- c:\windows\system32\SET1974.tmp
2009-04-18 21:21 13,824 a------- c:\windows\system32\SET1970.tmp
2009-04-18 21:21 438,784 a------- c:\windows\system32\SET1968.tmp
2009-04-18 21:21 80,896 a------- c:\windows\system32\SET196F.tmp
2009-04-18 21:21 6,656 a------- c:\windows\system32\SET196C.tmp
2009-04-18 21:17 21,504 a------- c:\windows\system32\SETB55.tmp
2009-04-18 21:15 19,569 a------- c:\windows\003066_.tmp
2009-04-18 21:13 539,136 a------- c:\windows\system32\dllcache\msftedit.dll
2009-04-18 21:12 574,464 a------- c:\windows\system32\drivers\ntfs.sys
2009-04-18 09:18 9,899 a------- c:\windows\system32\Config.MPF
2009-04-18 09:09 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
2009-04-18 09:09 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
2009-04-18 09:09 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-04-18 09:09 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-04-18 09:09 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
2009-04-18 09:09 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
2009-04-18 09:09 --d----- c:\program files\McAfee.com
2009-04-18 09:09 --d----- c:\program files\common files\McAfee
2009-04-18 09:08 --d----- c:\program files\McAfee
2009-04-15 22:15 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-15 18:23 --d----- C:\GMER
2009-04-14 23:07 2,897,920 -------- c:\windows\system32\_003559_.tmp.dll
2009-04-14 23:07 382,464 -------- c:\windows\system32\_003560_.tmp.dll
2009-04-14 19:57 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-14 19:53 1,193,414 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-13 22:06 20,480 a------- c:\windows\system32\SET13F0.tmp
2009-04-13 22:06 177,152 a------- c:\windows\system32\SET13C3.tmp
2009-04-13 22:06 159,232 a------- c:\windows\system32\SET13A7.tmp
2009-04-13 22:06 354,304 a------- c:\windows\system32\SET1391.tmp
2009-04-13 22:06 13,824 a------- c:\windows\system32\SET138D.tmp
2009-04-13 22:04 471,552 a------- c:\windows\system32\SET77F.tmp
2009-04-13 22:04 95,744 a------- c:\windows\system32\SET785.tmp
2009-04-13 22:02 59,904 a------- c:\windows\system32\SET339.tmp
2009-04-13 22:01 19,569 a------- c:\windows\003054_.tmp
2009-04-13 22:00 2,897,920 -------- c:\windows\system32\_003522_.tmp.dll
2009-04-13 22:00 382,464 -------- c:\windows\system32\_003523_.tmp.dll
2009-04-13 22:00 78,336 a------- c:\windows\system32\dllcache\ieencode.dll
2009-04-13 20:30 --d----- c:\windows\system32\scripting
2009-04-13 20:30 --d----- c:\windows\system32\en
2009-04-13 20:30 --d----- c:\windows\system32\bits
2009-04-13 20:30 --d----- c:\windows\l2schemas
2009-04-13 20:29 --d----- c:\program files\JRE
2009-04-13 20:27 --d----- c:\documents and settings\Jane Doe\dwhelper
2009-04-12 19:13 58,368 a------- c:\windows\system32\SET6F0.tmp
2009-04-12 19:12 297,984 a------- c:\windows\system32\SET59E.tmp
2009-04-12 08:45 --d----- c:\docume~1\janedo~1\applic~1\McAfee
2009-04-12 08:00 --d----- c:\program files\common files\McAfee(2)
2009-04-11 14:36 1,323 a------- c:\windows\system32\sqlsodbc.chm
2009-04-11 14:36 71,040 -------- c:\windows\system32\drivers\_003417_.tmp.dll
2009-04-11 14:36 71,040 -------- c:\windows\system32\drivers\_003399_.tmp.dll
2009-04-11 09:00 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-11 09:00 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-11 09:00 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-09 21:02 --d----- c:\windows\system32\NtmsData
2009-04-09 20:02 --d----- c:\docume~1\janedo~1\applic~1\OpenOffice.org
2009-04-09 19:51 --d----- c:\program files\OpenOffice.org 3
2009-04-05 13:06 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-04-05 13:06 23,848 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-04-05 13:06 --d----- c:\program files\iPod
2009-04-05 13:06 --d----- c:\program files\iTunes
2009-04-05 13:06 --d----- c:\docume~1\alluse~1\applic~1\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}

==================== Find3M ====================

2009-03-21 09:18 986,112 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-21 09:18 986,112 -------- c:\windows\system32\_003544_.tmp.dll
2009-03-21 09:18 986,112 -------- c:\windows\system32\_003507_.tmp.dll
2009-03-19 19:37 176,864 a------- c:\docume~1\janedo~1\applic~1\GDIPFONTCACHEV1.DAT
2009-03-06 09:44 283,648 a------- c:\windows\system32\pdh.dll
2009-03-06 09:44 283,648 a------- c:\windows\system32\dllcache\pdh.dll
2009-03-02 19:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-02 19:18 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-27 23:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 05:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 05:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 00:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\win32k.sys
2009-02-09 05:19 1,846,272 a------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 05:19 1,846,272 -------- c:\windows\system32\_003480_.tmp.dll
2009-02-09 05:19 1,846,272 -------- c:\windows\system32\_003467_.tmp.dll
2009-02-06 12:24 2,180,480 a------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-06 12:22 2,136,064 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 12:22 2,136,064 a------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 12:14 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:14 110,592 a------- c:\windows\system32\dllcache\services.exe
2009-02-06 12:14 110,592 -------- c:\windows\system32\_003502_.tmp.dll
2009-02-06 12:14 110,592 -------- c:\windows\system32\_003478_.tmp.dll
2009-02-06 11:54 35,328 -------- c:\windows\system32\sc.exe
2009-02-06 11:49 2,057,728 a------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-06 11:49 2,015,744 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:49 2,015,744 a------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-06 11:39 227,840 a------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 15:08 55,808 a------- c:\windows\system32\secur32.dll
2009-02-03 15:08 55,808 a------- c:\windows\system32\dllcache\secur32.dll
2005-12-26 00:12 251 a------- c:\program files\wt3d.ini

============= FINISH: 8:29:45.59 ===============


#2 muffintoast


Posted 01 May 2009 - 09:42 AM

Please close this thread - I no longer need help.

Thanks.

#3 KoanYorel


Posted 01 May 2009 - 11:06 PM

Thanks for informing us.

This thread is closed.
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)



